chore(release): publish new version

- @standardnotes/analytics@2.26.7
 - @standardnotes/api-gateway@1.74.3
 - @standardnotes/auth-server@1.140.0
 - @standardnotes/domain-events-infra@1.12.24
 - @standardnotes/domain-events@2.125.0
 - @standardnotes/event-store@1.11.35
 - @standardnotes/files-server@1.22.14
 - @standardnotes/home-server@1.15.31
 - @standardnotes/revisions-server@1.33.3
 - @standardnotes/scheduler-server@1.20.39
 - @standardnotes/syncing-server@1.95.0
 - @standardnotes/websockets-server@1.10.36

.github/workflows/common-deploy.yml

@@ -24,7 +24,7 @@ jobs:
     steps:
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v3
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

.github/workflows/common-docker-image.yml

@@ -70,7 +70,7 @@ jobs:
         password: ${{ secrets.DOCKER_PASSWORD }}
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v2
+      uses: aws-actions/configure-aws-credentials@v3
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -90,7 +90,7 @@ jobs:
       uses: docker/setup-buildx-action@master
 
     - name: Publish Docker image
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v4
       with:
         builder: ${{ steps.buildx.outputs.name }}
         context: ${{ steps.bundle-dir.outputs.temp_dir }}

.github/workflows/common-e2e.yml

@@ -21,7 +21,7 @@ jobs:
   e2e:
     name: (Self Hosting) E2E Test Suite
     strategy:
-      fail-fast: true
+      fail-fast: false
       matrix:
         secondary_db_enabled: [true, false]
         transition_mode_enabled: [true, false]
@@ -57,7 +57,7 @@ jobs:
       run: docker/is-available.sh http://localhost:3123 $(pwd)/logs
 
     - name: Run E2E Test Suite
-      run: yarn dlx mocha-headless-chrome --timeout 1800000 -f http://localhost:9001/mocha/test.html
+      run: yarn dlx mocha-headless-chrome --timeout 3600000 -f http://localhost:9001/mocha/test.html
 
     - name: Show logs on failure
       if: ${{ failure() }}
@@ -70,7 +70,7 @@ jobs:
   e2e-home-server:
     name: (Home Server) E2E Test Suite
     strategy:
-      fail-fast: true
+      fail-fast: false
       matrix:
         db_type: [mysql, sqlite]
         cache_type: [redis, memory]
@@ -162,7 +162,7 @@ jobs:
       run: for i in {1..30}; do curl -s http://localhost:3123/healthcheck && break || sleep 1; done
 
     - name: Run E2E Test Suite
-      run: yarn dlx mocha-headless-chrome --timeout 1800000 -f http://localhost:9001/mocha/test.html
+      run: yarn dlx mocha-headless-chrome --timeout 3600000 -f http://localhost:9001/mocha/test.html
 
     - name: Show logs on failure
       if: ${{ failure() }}

.github/workflows/common-self-hosting.yml

@@ -35,7 +35,7 @@ jobs:
       uses: docker/setup-buildx-action@master
 
     - name: Publish Docker image
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v4
       with:
         builder: ${{ steps.buildx.outputs.name }}
         context: .

.github/workflows/e2e-test-suite.yml

@@ -1,5 +1,7 @@
 name: E2E Test Suite On Self Hosted Server
 
+run-name: E2E Test Suite against ${{ inputs.ref_name }} by ${{ inputs.author }}
+
 on:
   schedule:
     - cron: '0 */12 * * *'
@@ -9,6 +11,14 @@ on:
         type: string
         default: latest
         description: The Docker image tag used for SNJS container
+      author:
+        type: string
+        default: unknown
+        description: The author that triggered the workflow
+      ref_name:
+        type: string
+        default: unknown
+        description: The ref name from which the workflow was triggered
 
 jobs:
   e2e:

packages/analytics/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [2.26.7](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.26.6...@standardnotes/analytics@2.26.7) (2023-09-08)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.26.6](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.26.5...@standardnotes/analytics@2.26.6) (2023-09-07)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.26.5](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.26.4...@standardnotes/analytics@2.26.5) (2023-09-07)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.26.4](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.26.3...@standardnotes/analytics@2.26.4) (2023-09-06)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.26.3](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.26.2...@standardnotes/analytics@2.26.3) (2023-09-04)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
+## [2.26.2](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.26.1...@standardnotes/analytics@2.26.2) (2023-09-01)
+
+**Note:** Version bump only for package @standardnotes/analytics
+
 ## [2.26.1](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.26.0...@standardnotes/analytics@2.26.1) (2023-09-01)
 
 ### Bug Fixes

packages/analytics/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/analytics",
-  "version": "2.26.1",
+  "version": "2.26.7",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },
@@ -29,12 +29,12 @@
     "@types/jest": "^29.5.1",
     "@types/mixpanel": "^2.14.4",
     "@types/node": "^20.5.7",
-    "@typescript-eslint/eslint-plugin": "^5.59.2",
-    "@typescript-eslint/parser": "^5.59.2",
+    "@typescript-eslint/eslint-plugin": "^6.5.0",
+    "@typescript-eslint/parser": "^6.5.0",
     "eslint": "^8.39.0",
-    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-plugin-prettier": "^5.0.0",
     "jest": "^29.5.0",
-    "prettier": "^2.8.8",
+    "prettier": "^3.0.3",
     "ts-jest": "^29.1.0",
     "typescript": "^5.0.4"
   },

packages/analytics/src/Infra/Redis/RedisAnalyticsStore.ts

@@ -6,7 +6,10 @@ import { AnalyticsActivity } from '../../Domain/Analytics/AnalyticsActivity'
 import { AnalyticsStoreInterface } from '../../Domain/Analytics/AnalyticsStoreInterface'
 
 export class RedisAnalyticsStore implements AnalyticsStoreInterface {
-  constructor(private periodKeyGenerator: PeriodKeyGeneratorInterface, private redisClient: IORedis.Redis) {}
+  constructor(
+    private periodKeyGenerator: PeriodKeyGeneratorInterface,
+    private redisClient: IORedis.Redis,
+  ) {}
 
   async calculateActivityTotalCountOverTime(activity: AnalyticsActivity, period: Period): Promise<number> {
     if (

packages/analytics/src/Infra/Redis/RedisStatisticsStore.ts

@@ -8,7 +8,10 @@ import { Period } from '../../Domain/Time/Period'
 import { PeriodKeyGeneratorInterface } from '../../Domain/Time/PeriodKeyGeneratorInterface'
 
 export class RedisStatisticsStore implements StatisticsStoreInterface, StatisticMeasureRepositoryInterface {
-  constructor(private periodKeyGenerator: PeriodKeyGeneratorInterface, private redisClient: IORedis.Redis) {}
+  constructor(
+    private periodKeyGenerator: PeriodKeyGeneratorInterface,
+    private redisClient: IORedis.Redis,
+  ) {}
 
   async save(statisticMeasure: StatisticMeasure): Promise<void> {
     const periodKey = this.periodKeyGenerator.getDailyKey(statisticMeasure.props.date)

packages/api-gateway/CHANGELOG.md

@@ -3,6 +3,32 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.74.3](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.74.2...@standardnotes/api-gateway@1.74.3) (2023-09-08)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.74.2](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.74.1...@standardnotes/api-gateway@1.74.2) (2023-09-07)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.74.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.74.0...@standardnotes/api-gateway@1.74.1) (2023-09-07)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+# [1.74.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.73.7...@standardnotes/api-gateway@1.74.0) (2023-09-06)
+
+### Features
+
+* should be able to access shared item revisions as third party user ([#807](https://github.com/standardnotes/api-gateway/issues/807)) ([794cd87](https://github.com/standardnotes/api-gateway/commit/794cd8734acf89fb29f09dfb169a3f08f252bb6a))
+
+## [1.73.7](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.73.6...@standardnotes/api-gateway@1.73.7) (2023-09-04)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
+## [1.73.6](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.73.5...@standardnotes/api-gateway@1.73.6) (2023-09-01)
+
+**Note:** Version bump only for package @standardnotes/api-gateway
+
 ## [1.73.5](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.73.4...@standardnotes/api-gateway@1.73.5) (2023-09-01)
 
 **Note:** Version bump only for package @standardnotes/api-gateway

packages/api-gateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/api-gateway",
-  "version": "1.73.5",
+  "version": "1.74.3",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },
@@ -54,14 +54,13 @@
     "@types/jsonwebtoken": "^9.0.1",
     "@types/node": "^20.5.7",
     "@types/prettyjson": "^0.0.30",
-    "@typescript-eslint/eslint-plugin": "^5.59.2",
-    "@typescript-eslint/parser": "^5.59.2",
+    "@typescript-eslint/eslint-plugin": "^6.5.0",
+    "@typescript-eslint/parser": "^6.5.0",
     "eslint": "^8.39.0",
-    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-plugin-prettier": "^5.0.0",
     "jest": "^29.5.0",
-    "nodemon": "^2.0.19",
     "npm-check-updates": "^16.13.2",
-    "prettier": "^2.8.8",
+    "prettier": "^3.0.3",
     "ts-jest": "^29.1.0",
     "typescript": "^5.0.4"
   },

packages/api-gateway/src/Controller/AuthMiddleware.ts

@@ -72,6 +72,7 @@ export abstract class AuthMiddleware extends BaseMiddleware {
       response.locals.session = decodedToken.session
       response.locals.roles = decodedToken.roles
       response.locals.sharedVaultOwnerContext = decodedToken.shared_vault_owner_context
+      response.locals.belongsToSharedVaults = decodedToken.belongs_to_shared_vaults ?? []
     } catch (error) {
       const errorMessage = (error as AxiosError).isAxiosError
         ? JSON.stringify((error as AxiosError).response?.data)

packages/api-gateway/src/Service/Proxy/DirectCallServiceProxy.ts

@@ -4,7 +4,10 @@ import { ServiceContainerInterface, ServiceIdentifier } from '@standardnotes/dom
 import { ServiceProxyInterface } from '../Http/ServiceProxyInterface'
 
 export class DirectCallServiceProxy implements ServiceProxyInterface {
-  constructor(private serviceContainer: ServiceContainerInterface, private filesServerUrl: string) {}
+  constructor(
+    private serviceContainer: ServiceContainerInterface,
+    private filesServerUrl: string,
+  ) {}
 
   async validateSession(headers: {
     authorization: string

packages/auth/CHANGELOG.md

@@ -3,6 +3,45 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.140.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.139.0...@standardnotes/auth-server@1.140.0) (2023-09-08)
+
+### Bug Fixes
+
+* **auth:** specs ([a164ba2](https://github.com/standardnotes/server/commit/a164ba291d4893b5a0bb4b39a8795d654212a1a6))
+* **auth:** transition users only when transition mode enabled ([610fba2](https://github.com/standardnotes/server/commit/610fba260150d0757020e01ac0c8967feeadd4d6))
+
+### Features
+
+* transition users after sign out ([398338c](https://github.com/standardnotes/server/commit/398338c8f81b12406c7ab3bf1654e60b94d7cfd0))
+
+# [1.139.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.138.2...@standardnotes/auth-server@1.139.0) (2023-09-08)
+
+### Features
+
+* **auth:** add vaults user role into database ([aef9e93](https://github.com/standardnotes/server/commit/aef9e936bdbd1f4ccc32658d3d892e7675ec0e0e))
+
+## [1.138.2](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.138.1...@standardnotes/auth-server@1.138.2) (2023-09-07)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+## [1.138.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.138.0...@standardnotes/auth-server@1.138.1) (2023-09-07)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+# [1.138.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.137.6...@standardnotes/auth-server@1.138.0) (2023-09-06)
+
+### Features
+
+* should be able to access shared item revisions as third party user ([#807](https://github.com/standardnotes/server/issues/807)) ([794cd87](https://github.com/standardnotes/server/commit/794cd8734acf89fb29f09dfb169a3f08f252bb6a))
+
+## [1.137.6](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.137.5...@standardnotes/auth-server@1.137.6) (2023-09-04)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
+## [1.137.5](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.137.4...@standardnotes/auth-server@1.137.5) (2023-09-01)
+
+**Note:** Version bump only for package @standardnotes/auth-server
+
 ## [1.137.4](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.137.3...@standardnotes/auth-server@1.137.4) (2023-09-01)
 
 ### Bug Fixes

packages/auth/migrations/mysql/1694000575425-add-shared-vault-users.ts

@@ -0,0 +1,15 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class AddSharedVaultUsers1694000575425 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      'CREATE TABLE `auth_shared_vault_users` (`uuid` varchar(36) NOT NULL, `shared_vault_uuid` varchar(36) NOT NULL, `user_uuid` varchar(36) NOT NULL, `permission` varchar(24) NOT NULL, `created_at_timestamp` bigint NOT NULL, `updated_at_timestamp` bigint NOT NULL, INDEX `shared_vault_uuid_on_auth_shared_vault_users` (`shared_vault_uuid`), INDEX `user_uuid_on_auth_shared_vault_users` (`user_uuid`), PRIMARY KEY (`uuid`)) ENGINE=InnoDB',
+    )
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query('DROP INDEX `user_uuid_on_auth_shared_vault_users` ON `auth_shared_vault_users`')
+    await queryRunner.query('DROP INDEX `shared_vault_uuid_on_auth_shared_vault_users` ON `auth_shared_vault_users`')
+    await queryRunner.query('DROP TABLE `auth_shared_vault_users`')
+  }
+}

packages/auth/migrations/mysql/1694157482134-add_vaults_user.ts

@@ -0,0 +1,13 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class AddVaultsUser1694157482134 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      'INSERT INTO `roles` (uuid, name, version) VALUES ("35669f45-a2d8-4172-bdab-b7b3d42044ce", "VAULTS_USER", 1)',
+    )
+  }
+
+  public async down(): Promise<void> {
+    return
+  }
+}

packages/auth/migrations/sqlite/1694000640645-add-shared-vault-users.ts

@@ -0,0 +1,21 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class AddSharedVaultUsers1694000640645 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      'CREATE TABLE "auth_shared_vault_users" ("uuid" varchar PRIMARY KEY NOT NULL, "shared_vault_uuid" varchar(36) NOT NULL, "user_uuid" varchar(36) NOT NULL, "permission" varchar(24) NOT NULL, "created_at_timestamp" bigint NOT NULL, "updated_at_timestamp" bigint NOT NULL)',
+    )
+    await queryRunner.query(
+      'CREATE INDEX "shared_vault_uuid_on_auth_shared_vault_users" ON "auth_shared_vault_users" ("shared_vault_uuid") ',
+    )
+    await queryRunner.query(
+      'CREATE INDEX "user_uuid_on_auth_shared_vault_users" ON "auth_shared_vault_users" ("user_uuid") ',
+    )
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query('DROP INDEX "user_uuid_on_auth_shared_vault_users"')
+    await queryRunner.query('DROP INDEX "shared_vault_uuid_on_auth_shared_vault_users"')
+    await queryRunner.query('DROP TABLE "auth_shared_vault_users"')
+  }
+}

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/auth-server",
-  "version": "1.137.4",
+  "version": "1.140.0",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },
@@ -84,15 +84,14 @@
     "@types/otplib": "^10.0.0",
     "@types/prettyjson": "^0.0.30",
     "@types/ua-parser-js": "^0.7.36",
-    "@types/uuid": "^9.0.2",
-    "@typescript-eslint/eslint-plugin": "^5.59.2",
-    "@typescript-eslint/parser": "^5.59.2",
+    "@types/uuid": "^9.0.3",
+    "@typescript-eslint/eslint-plugin": "^6.5.0",
+    "@typescript-eslint/parser": "^6.5.0",
     "eslint": "^8.39.0",
-    "eslint-plugin-prettier": "^4.2.1",
+    "eslint-plugin-prettier": "^5.0.0",
     "jest": "^29.5.0",
-    "nodemon": "^2.0.19",
     "npm-check-updates": "^16.13.2",
-    "prettier": "^2.8.8",
+    "prettier": "^3.0.3",
     "ts-jest": "^29.1.0",
     "typescript": "^5.0.4"
   },

packages/auth/src/Bootstrap/Container.ts

@@ -189,6 +189,7 @@ import {
   ControllerContainer,
   ControllerContainerInterface,
   MapperInterface,
+  SharedVaultUser,
 } from '@standardnotes/domain-core'
 import { SessionTracePersistenceMapper } from '../Mapping/SessionTracePersistenceMapper'
 import { SessionTrace } from '../Domain/Session/SessionTrace'
@@ -263,6 +264,14 @@ import { InMemoryTransitionStatusRepository } from '../Infra/InMemory/InMemoryTr
 import { TransitionStatusUpdatedEventHandler } from '../Domain/Handler/TransitionStatusUpdatedEventHandler'
 import { UpdateTransitionStatus } from '../Domain/UseCase/UpdateTransitionStatus/UpdateTransitionStatus'
 import { GetTransitionStatus } from '../Domain/UseCase/GetTransitionStatus/GetTransitionStatus'
+import { TypeORMSharedVaultUser } from '../Infra/TypeORM/TypeORMSharedVaultUser'
+import { SharedVaultUserPersistenceMapper } from '../Mapping/SharedVaultUserPersistenceMapper'
+import { SharedVaultUserRepositoryInterface } from '../Domain/SharedVault/SharedVaultUserRepositoryInterface'
+import { TypeORMSharedVaultUserRepository } from '../Infra/TypeORM/TypeORMSharedVaultUserRepository'
+import { AddSharedVaultUser } from '../Domain/UseCase/AddSharedVaultUser/AddSharedVaultUser'
+import { RemoveSharedVaultUser } from '../Domain/UseCase/RemoveSharedVaultUser/RemoveSharedVaultUser'
+import { UserAddedToSharedVaultEventHandler } from '../Domain/Handler/UserAddedToSharedVaultEventHandler'
+import { UserRemovedFromSharedVaultEventHandler } from '../Domain/Handler/UserRemovedFromSharedVaultEventHandler'
 
 export class ContainerConfigLoader {
   async load(configuration?: {
@@ -372,6 +381,9 @@ export class ContainerConfigLoader {
     container
       .bind<MapperInterface<CacheEntry, TypeORMCacheEntry>>(TYPES.Auth_CacheEntryPersistenceMapper)
       .toConstantValue(new CacheEntryPersistenceMapper())
+    container
+      .bind<MapperInterface<SharedVaultUser, TypeORMSharedVaultUser>>(TYPES.Auth_SharedVaultUserPersistenceMapper)
+      .toConstantValue(new SharedVaultUserPersistenceMapper())
 
     // ORM
     container
@@ -412,6 +424,9 @@ export class ContainerConfigLoader {
     container
       .bind<Repository<TypeORMCacheEntry>>(TYPES.Auth_ORMCacheEntryRepository)
       .toConstantValue(appDataSource.getRepository(TypeORMCacheEntry))
+    container
+      .bind<Repository<TypeORMSharedVaultUser>>(TYPES.Auth_ORMSharedVaultUserRepository)
+      .toConstantValue(appDataSource.getRepository(TypeORMSharedVaultUser))
 
     // Repositories
     container.bind<SessionRepositoryInterface>(TYPES.Auth_SessionRepository).to(TypeORMSessionRepository)
@@ -468,6 +483,16 @@ export class ContainerConfigLoader {
           container.get(TYPES.Auth_CacheEntryPersistenceMapper),
         ),
       )
+    container
+      .bind<SharedVaultUserRepositoryInterface>(TYPES.Auth_SharedVaultUserRepository)
+      .toConstantValue(
+        new TypeORMSharedVaultUserRepository(
+          container.get<Repository<TypeORMSharedVaultUser>>(TYPES.Auth_ORMSharedVaultUserRepository),
+          container.get<MapperInterface<SharedVaultUser, TypeORMSharedVaultUser>>(
+            TYPES.Auth_SharedVaultUserPersistenceMapper,
+          ),
+        ),
+      )
 
     // Middleware
     container.bind<SessionMiddleware>(TYPES.Auth_SessionMiddleware).to(SessionMiddleware)
@@ -926,6 +951,18 @@ export class ContainerConfigLoader {
           container.get<UserRepositoryInterface>(TYPES.Auth_UserRepository),
         ),
       )
+    container
+      .bind<AddSharedVaultUser>(TYPES.Auth_AddSharedVaultUser)
+      .toConstantValue(
+        new AddSharedVaultUser(container.get<SharedVaultUserRepositoryInterface>(TYPES.Auth_SharedVaultUserRepository)),
+      )
+    container
+      .bind<RemoveSharedVaultUser>(TYPES.Auth_RemoveSharedVaultUser)
+      .toConstantValue(
+        new RemoveSharedVaultUser(
+          container.get<SharedVaultUserRepositoryInterface>(TYPES.Auth_SharedVaultUserRepository),
+        ),
+      )
 
     // Controller
     container
@@ -944,6 +981,7 @@ export class ContainerConfigLoader {
           container.get(TYPES.Auth_GenerateRecoveryCodes),
           container.get(TYPES.Auth_Logger),
           container.get(TYPES.Auth_SessionService),
+          container.get(TYPES.Auth_TRANSITION_MODE_ENABLED),
         ),
       )
     container
@@ -1075,6 +1113,22 @@ export class ContainerConfigLoader {
           container.get<winston.Logger>(TYPES.Auth_Logger),
         ),
       )
+    container
+      .bind<UserAddedToSharedVaultEventHandler>(TYPES.Auth_UserAddedToSharedVaultEventHandler)
+      .toConstantValue(
+        new UserAddedToSharedVaultEventHandler(
+          container.get<AddSharedVaultUser>(TYPES.Auth_AddSharedVaultUser),
+          container.get<winston.Logger>(TYPES.Auth_Logger),
+        ),
+      )
+    container
+      .bind<UserRemovedFromSharedVaultEventHandler>(TYPES.Auth_UserRemovedFromSharedVaultEventHandler)
+      .toConstantValue(
+        new UserRemovedFromSharedVaultEventHandler(
+          container.get<RemoveSharedVaultUser>(TYPES.Auth_RemoveSharedVaultUser),
+          container.get<winston.Logger>(TYPES.Auth_Logger),
+        ),
+      )
 
     const eventHandlers: Map<string, DomainEventHandlerInterface> = new Map([
       ['USER_REGISTERED', container.get(TYPES.Auth_UserRegisteredEventHandler)],
@@ -1107,6 +1161,8 @@ export class ContainerConfigLoader {
       ['EMAIL_SUBSCRIPTION_UNSUBSCRIBED', container.get(TYPES.Auth_EmailSubscriptionUnsubscribedEventHandler)],
       ['PAYMENTS_ACCOUNT_DELETED', container.get(TYPES.Auth_PaymentsAccountDeletedEventHandler)],
       ['TRANSITION_STATUS_UPDATED', container.get(TYPES.Auth_TransitionStatusUpdatedEventHandler)],
+      ['USER_ADDED_TO_SHARED_VAULT', container.get(TYPES.Auth_UserAddedToSharedVaultEventHandler)],
+      ['USER_REMOVED_FROM_SHARED_VAULT', container.get(TYPES.Auth_UserRemovedFromSharedVaultEventHandler)],
     ])
 
     if (isConfiguredForHomeServer) {

packages/auth/src/Bootstrap/DataSource.ts

@@ -18,6 +18,7 @@ import { TypeORMEmergencyAccessInvitation } from '../Infra/TypeORM/TypeORMEmerge
 import { TypeORMSessionTrace } from '../Infra/TypeORM/TypeORMSessionTrace'
 import { Env } from './Env'
 import { SqliteConnectionOptions } from 'typeorm/driver/sqlite/SqliteConnectionOptions'
+import { TypeORMSharedVaultUser } from '../Infra/TypeORM/TypeORMSharedVaultUser'
 
 export class AppDataSource {
   private _dataSource: DataSource | undefined
@@ -64,6 +65,7 @@ export class AppDataSource {
         TypeORMAuthenticatorChallenge,
         TypeORMEmergencyAccessInvitation,
         TypeORMCacheEntry,
+        TypeORMSharedVaultUser,
       ],
       migrations: [`${__dirname}/../../migrations/${isConfiguredForMySQL ? 'mysql' : 'sqlite'}/*.js`],
       migrationsRun: true,

packages/auth/src/Bootstrap/Types.ts

@@ -9,6 +9,7 @@ const TYPES = {
   Auth_AuthenticatorPersistenceMapper: Symbol.for('Auth_AuthenticatorPersistenceMapper'),
   Auth_AuthenticatorHttpMapper: Symbol.for('Auth_AuthenticatorHttpMapper'),
   Auth_CacheEntryPersistenceMapper: Symbol.for('Auth_CacheEntryPersistenceMapper'),
+  Auth_SharedVaultUserPersistenceMapper: Symbol.for('Auth_SharedVaultUserPersistenceMapper'),
   // Controller
   Auth_ControllerContainer: Symbol.for('Auth_ControllerContainer'),
   Auth_AuthController: Symbol.for('Auth_AuthController'),
@@ -36,6 +37,7 @@ const TYPES = {
   Auth_AuthenticatorChallengeRepository: Symbol.for('Auth_AuthenticatorChallengeRepository'),
   Auth_CacheEntryRepository: Symbol.for('Auth_CacheEntryRepository'),
   Auth_TransitionStatusRepository: Symbol.for('Auth_TransitionStatusRepository'),
+  Auth_SharedVaultUserRepository: Symbol.for('Auth_SharedVaultUserRepository'),
   // ORM
   Auth_ORMOfflineSettingRepository: Symbol.for('Auth_ORMOfflineSettingRepository'),
   Auth_ORMOfflineUserSubscriptionRepository: Symbol.for('Auth_ORMOfflineUserSubscriptionRepository'),
@@ -51,6 +53,7 @@ const TYPES = {
   Auth_ORMAuthenticatorRepository: Symbol.for('Auth_ORMAuthenticatorRepository'),
   Auth_ORMAuthenticatorChallengeRepository: Symbol.for('Auth_ORMAuthenticatorChallengeRepository'),
   Auth_ORMCacheEntryRepository: Symbol.for('Auth_ORMCacheEntryRepository'),
+  Auth_ORMSharedVaultUserRepository: Symbol.for('Auth_ORMSharedVaultUserRepository'),
   // Middleware
   Auth_RequiredCrossServiceTokenMiddleware: Symbol.for('Auth_RequiredCrossServiceTokenMiddleware'),
   Auth_OptionalCrossServiceTokenMiddleware: Symbol.for('Auth_OptionalCrossServiceTokenMiddleware'),
@@ -157,6 +160,8 @@ const TYPES = {
   Auth_UpdateStorageQuotaUsedForUser: Symbol.for('Auth_UpdateStorageQuotaUsedForUser'),
   Auth_UpdateTransitionStatus: Symbol.for('Auth_UpdateTransitionStatus'),
   Auth_GetTransitionStatus: Symbol.for('Auth_GetTransitionStatus'),
+  Auth_AddSharedVaultUser: Symbol.for('Auth_AddSharedVaultUser'),
+  Auth_RemoveSharedVaultUser: Symbol.for('Auth_RemoveSharedVaultUser'),
   // Handlers
   Auth_UserRegisteredEventHandler: Symbol.for('Auth_UserRegisteredEventHandler'),
   Auth_AccountDeletionRequestedEventHandler: Symbol.for('Auth_AccountDeletionRequestedEventHandler'),
@@ -186,6 +191,8 @@ const TYPES = {
   Auth_EmailSubscriptionUnsubscribedEventHandler: Symbol.for('Auth_EmailSubscriptionUnsubscribedEventHandler'),
   Auth_PaymentsAccountDeletedEventHandler: Symbol.for('Auth_PaymentsAccountDeletedEventHandler'),
   Auth_TransitionStatusUpdatedEventHandler: Symbol.for('Auth_TransitionStatusUpdatedEventHandler'),
+  Auth_UserAddedToSharedVaultEventHandler: Symbol.for('Auth_UserAddedToSharedVaultEventHandler'),
+  Auth_UserRemovedFromSharedVaultEventHandler: Symbol.for('Auth_UserRemovedFromSharedVaultEventHandler'),
   // Services
   Auth_DeviceDetector: Symbol.for('Auth_DeviceDetector'),
   Auth_SessionService: Symbol.for('Auth_SessionService'),

packages/auth/src/Controller/AuthController.spec.ts

@@ -27,6 +27,7 @@ describe('AuthController', () => {
   let doGenerateRecoveryCodes: GenerateRecoveryCodes
   let logger: Logger
   let sessionService: SessionServiceInterface
+  let transitionModeEnabled: boolean
 
   const createController = () =>
     new AuthController(
@@ -39,6 +40,7 @@ describe('AuthController', () => {
       doGenerateRecoveryCodes,
       logger,
       sessionService,
+      transitionModeEnabled,
     )
 
   beforeEach(() => {
@@ -64,6 +66,8 @@ describe('AuthController', () => {
 
     sessionService = {} as jest.Mocked<SessionServiceInterface>
     sessionService.deleteSessionByToken = jest.fn().mockReturnValue('1-2-3')
+
+    transitionModeEnabled = false
   })
 
   it('should register a user', async () => {

packages/auth/src/Controller/AuthController.ts

@@ -37,6 +37,7 @@ export class AuthController implements UserServerInterface {
     private doGenerateRecoveryCodes: GenerateRecoveryCodes,
     private logger: Logger,
     private sessionService: SessionServiceInterface,
+    private transitionModeEnabled: boolean,
   ) {}
 
   async update(_params: UserUpdateRequestParams): Promise<HttpResponse<UserUpdateResponse>> {
@@ -226,6 +227,14 @@ export class AuthController implements UserServerInterface {
     let headers = undefined
     if (userUuid !== null) {
       headers = new Map([['x-invalidate-cache', userUuid]])
+
+      if (this.transitionModeEnabled) {
+        await this.domainEventPublisher.publish(
+          this.domainEventFactory.createTransitionRequestedEvent({
+            userUuid,
+          }),
+        )
+      }
     }
 
     return {

packages/auth/src/Domain/Error/MFAValidationError.ts

@@ -1,5 +1,9 @@
 export class MFAValidationError extends Error {
-  constructor(message: string, public tag: string, public payload?: Record<string, unknown>) {
+  constructor(
+    message: string,
+    public tag: string,
+    public payload?: Record<string, unknown>,
+  ) {
     super(message)
     Object.setPrototypeOf(this, MFAValidationError.prototype)
   }

packages/auth/src/Domain/Event/DomainEventFactory.ts

@@ -20,6 +20,7 @@ import {
   StatisticPersistenceRequestedEvent,
   SessionCreatedEvent,
   SessionRefreshedEvent,
+  TransitionRequestedEvent,
 } from '@standardnotes/domain-events'
 import { Predicate, PredicateVerificationResult } from '@standardnotes/predicates'
 import { TimerInterface } from '@standardnotes/time'
@@ -32,6 +33,21 @@ import { DomainEventFactoryInterface } from './DomainEventFactoryInterface'
 export class DomainEventFactory implements DomainEventFactoryInterface {
   constructor(@inject(TYPES.Auth_Timer) private timer: TimerInterface) {}
 
+  createTransitionRequestedEvent(dto: { userUuid: string }): TransitionRequestedEvent {
+    return {
+      type: 'TRANSITION_REQUESTED',
+      createdAt: this.timer.getUTCDate(),
+      meta: {
+        correlation: {
+          userIdentifier: dto.userUuid,
+          userIdentifierType: 'uuid',
+        },
+        origin: DomainEventService.Auth,
+      },
+      payload: dto,
+    }
+  }
+
   createSessionCreatedEvent(dto: { userUuid: string }): SessionCreatedEvent {
     return {
       type: 'SESSION_CREATED',

packages/auth/src/Domain/Event/DomainEventFactoryInterface.ts

@@ -18,6 +18,7 @@ import {
   StatisticPersistenceRequestedEvent,
   SessionCreatedEvent,
   SessionRefreshedEvent,
+  TransitionRequestedEvent,
 } from '@standardnotes/domain-events'
 import { InviteeIdentifierType } from '../SharedSubscription/InviteeIdentifierType'
 
@@ -89,4 +90,5 @@ export interface DomainEventFactoryInterface {
   }): StatisticPersistenceRequestedEvent
   createSessionCreatedEvent(dto: { userUuid: string }): SessionCreatedEvent
   createSessionRefreshedEvent(dto: { userUuid: string }): SessionRefreshedEvent
+  createTransitionRequestedEvent(dto: { userUuid: string }): TransitionRequestedEvent
 }